CVE-2025-4759 – Lockfile Lint API Incorrect Behavior Order Vulnerability

May 16, 2025

CVE ID : CVE-2025-4759

Published : May 16, 2025, 5:15 a.m. | 3 hours, 44 minutes ago

Description : Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by extending the package name allowing an attacker to install other npm packages than the intended one.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4749 – D-Link DI-7003GV2 Denial of Service Vulnerability

Next Article CVE-2025-4747 – NetDragon Firewall Command Injection Vulnerability

Highlights

CVE-2025-46333 – Z2D Stride Compositor Out-of-Bounds Write

April 25, 2025

CVE ID : CVE-2025-46333

Published : April 25, 2025, 9:15 p.m. | 1 hour, 46 minutes ago

Description : z2d is a pure Zig 2D graphics library. In version 0.6.0, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, the source surface can be completely out-of-bounds on the x-axis (but not on the y-axis) by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version 0.6.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-4759 – Lockfile Lint API Incorrect Behavior Order Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

Best Free and Open Source Alternatives to Mule ESB

Google dicht actief misbruikt V8-beveiligingslek in Chrome

Every Xbox and PC game announced during Summer Game Fest and the Xbox Games Showcase in 2025

IPhones Europese journalisten via iOS zero click-lek besmet met spyware

CVE-2025-46333 – Z2D Stride Compositor Out-of-Bounds Write

CVE-2025-48114 – ShayanWeb Admin FontChanger CSRF Stored XSS

Why WordPress Scalability Starts with Smart Site Structure from Day One

Best Free and Open Source Alternatives to Progress MOVEit

CVE-2025-4759 – Lockfile Lint API Incorrect Behavior Order Vulnerability

Related Posts